From 762d980ea8ef78e02efd5efb87e71c2cc37cbd8f Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Fri, 25 Apr 2025 01:01:47 +1000 Subject: [PATCH] feat: update dns resolver zone management (#261) - move zones to common role path - specify forwarders for each zone in region based hiera Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/261 --- .../au/region/drw1/infra/dns/resolver.yaml | 58 ++---------- .../au/region/syd1/infra/dns/resolver.yaml | 58 ++---------- hieradata/roles/infra/dns/resolver.yaml | 90 +++++++++++++++++++ 3 files changed, 104 insertions(+), 102 deletions(-) diff --git a/hieradata/country/au/region/drw1/infra/dns/resolver.yaml b/hieradata/country/au/region/drw1/infra/dns/resolver.yaml index 157667c..ae1582f 100644 --- a/hieradata/country/au/region/drw1/infra/dns/resolver.yaml +++ b/hieradata/country/au/region/drw1/infra/dns/resolver.yaml @@ -1,52 +1,8 @@ --- -profiles::dns::resolver::zones: - main.unkin.net-forward: - domain: 'main.unkin.net' - zone_type: 'forward' - forwarders: - - 198.18.17.23 - - 198.18.17.24 - forward: 'only' - 13.18.198.in-addr.arpa-forward: - domain: '13.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.17.23 - - 198.18.17.24 - forward: 'only' - 14.18.198.in-addr.arpa-forward: - domain: '14.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.17.23 - - 198.18.17.24 - forward: 'only' - 15.18.198.in-addr.arpa-forward: - domain: '15.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.17.23 - - 198.18.17.24 - forward: 'only' - 16.18.198.in-addr.arpa-forward: - domain: '16.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.17.23 - - 198.18.17.24 - forward: 'only' - 17.18.198.in-addr.arpa-forward: - domain: '17.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.17.23 - - 198.18.17.24 - forward: 'only' - consul-forward: - domain: 'consul' - zone_type: 'forward' - forwarders: - - 198.18.17.34 - - 198.18.17.35 - - 198.18.17.36 - forward: 'only' +profiles_dns_upstream_forwarder_unkin: + - 198.18.17.23 + - 198.18.17.24 +profiles_dns_upstream_forwarder_consul: + - 198.18.17.34 + - 198.18.17.35 + - 198.18.17.36 diff --git a/hieradata/country/au/region/syd1/infra/dns/resolver.yaml b/hieradata/country/au/region/syd1/infra/dns/resolver.yaml index 088f065..b26491e 100644 --- a/hieradata/country/au/region/syd1/infra/dns/resolver.yaml +++ b/hieradata/country/au/region/syd1/infra/dns/resolver.yaml @@ -1,52 +1,8 @@ --- -profiles::dns::resolver::zones: - main.unkin.net-forward: - domain: 'main.unkin.net' - zone_type: 'forward' - forwarders: - - 198.18.13.14 - - 198.18.13.15 - forward: 'only' - 13.18.198.in-addr.arpa-forward: - domain: '13.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.13.14 - - 198.18.13.15 - forward: 'only' - 14.18.198.in-addr.arpa-forward: - domain: '14.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.13.14 - - 198.18.13.15 - forward: 'only' - 15.18.198.in-addr.arpa-forward: - domain: '15.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.13.14 - - 198.18.13.15 - forward: 'only' - 16.18.198.in-addr.arpa-forward: - domain: '16.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.13.14 - - 198.18.13.15 - forward: 'only' - 17.18.198.in-addr.arpa-forward: - domain: '17.18.198.in-addr.arpa' - zone_type: 'forward' - forwarders: - - 198.18.13.14 - - 198.18.13.15 - forward: 'only' - consul-forward: - domain: 'consul' - zone_type: 'forward' - forwarders: - - 198.18.13.19 - - 198.18.13.20 - - 198.18.13.21 - forward: 'only' +profiles_dns_upstream_forwarder_unkin: + - 198.18.13.14 + - 198.18.13.15 +profiles_dns_upstream_forwarder_consul: + - 198.18.13.19 + - 198.18.13.20 + - 198.18.13.21 diff --git a/hieradata/roles/infra/dns/resolver.yaml b/hieradata/roles/infra/dns/resolver.yaml index 9ec4add..f94eb93 100644 --- a/hieradata/roles/infra/dns/resolver.yaml +++ b/hieradata/roles/infra/dns/resolver.yaml @@ -78,6 +78,96 @@ profiles::dns::resolver::zones: - 10.10.16.32 - 10.10.16.33 forward: 'only' + main.unkin.net-forward: + domain: 'main.unkin.net' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 13.18.198.in-addr.arpa-forward: + domain: '13.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 14.18.198.in-addr.arpa-forward: + domain: '14.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 15.18.198.in-addr.arpa-forward: + domain: '15.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 16.18.198.in-addr.arpa-forward: + domain: '16.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 17.18.198.in-addr.arpa-forward: + domain: '17.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 19.18.198.in-addr.arpa-forward: + domain: '19.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 20.18.198.in-addr.arpa-forward: + domain: '20.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 21.18.198.in-addr.arpa-forward: + domain: '21.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 22.18.198.in-addr.arpa-forward: + domain: '22.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 23.18.198.in-addr.arpa-forward: + domain: '23.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 24.18.198.in-addr.arpa-forward: + domain: '24.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 25.18.198.in-addr.arpa-forward: + domain: '25.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 26.18.198.in-addr.arpa-forward: + domain: '26.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 27.18.198.in-addr.arpa-forward: + domain: '27.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 28.18.198.in-addr.arpa-forward: + domain: '28.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + 29.18.198.in-addr.arpa-forward: + domain: '29.18.198.in-addr.arpa' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' + consul-forward: + domain: 'consul' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_consul')}" + forward: 'only' profiles::dns::resolver::views: openforwarder: